It's been one week since the massive Heartbleed flaw was disclosed publicly and websites began frantically patching, but the potential danger of the bug being used to hack into businesses' internal networks and steal their data could last for years to come.
The attention initially focused on patching public-facing websites and protecting user credentials from Heartbleed, as well as sites' digital certificates. But the long-term ramifications of the Heartbleed encryption flaw in the widely deployed open-source OpenSSL library are slowly coming into focus: how cyberspies and sophisticated cybercrime gangs can use, or already have used, the bug to infiltrate an organization's intranet servers, network devices, client machines, and VPN servers in order to steal valuable data.
"The immediate focus should have been on the perimeter and external websites. But the long-term devastation and real cost is from the internal [network] perspective," says Rob Seger, distinguished engineer at Palo Alto Networks. "Being able to steal all the data carte blanche is, in my opinion, a more lasting and negative" outcome of Heartbleed.
Kelly Jackson Higgins is Senior Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, ...